mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-04 12:21:31 +01:00
78 lines
2.6 KiB
Plaintext
78 lines
2.6 KiB
Plaintext
@c instguide.texi - Installation guide for GnuPG
|
|
@c Copyright (C) 2006 Free Software Foundation, Inc.
|
|
@c This is part of the GnuPG manual.
|
|
@c For copying conditions, see the file gnupg.texi.
|
|
|
|
@node Installation
|
|
@chapter A short installation guide
|
|
|
|
Unfortunately the installation guide has not been finished in time.
|
|
Instead of delaying the release of GnuPG 2.0 even further, I decided to
|
|
release without that guide. The chapter on gpg-agent and gpgsm do
|
|
include brief information on how to set up the whole thing. Please
|
|
watch the GnuPG website for updates of the documentation. In the
|
|
meantime you may search the GnuPG mailing list archives or ask on the
|
|
gnupg-users mailing list for advise on how to solve problems or how to
|
|
get that whole thing up and running.
|
|
|
|
** Building the software
|
|
|
|
Building the software is described in the file @file{INSTALL}. Given
|
|
that you are already reading this documentation we can only give some
|
|
extra hints.
|
|
|
|
To comply with the rules on GNU systems you should have build time
|
|
configured @command{gnupg} using:
|
|
|
|
@example
|
|
./configure --sysconfdir=/etc --localstatedir=/var
|
|
@end example
|
|
|
|
This is to make sure that system wide configuration files are searched
|
|
in the directory @file{/etc} and variable data below @file{/var};
|
|
the default would be to also install them below @file{/usr/local} where
|
|
the binaries get installed. If you selected to use the
|
|
@option{--prefix=/} you obviously don't need those option as they are
|
|
the default then.
|
|
|
|
|
|
** Notes on setting a root CA key to trusted
|
|
|
|
X.509 is based on a hierarchical key infrastructure. At the root of the
|
|
tree a trusted anchor (root certificate) is required. There are usually
|
|
no other means of verifying whether this root certificate is trustworthy
|
|
than looking it up in a list. GnuPG uses a file (@file{trustlist.txt})
|
|
to keep track of all root certificates it knows about. There are 3 ways
|
|
to get certificates into this list:
|
|
|
|
@itemize
|
|
@item
|
|
Use the list which comes with GnuPG. However this list only
|
|
contains a few root certificates. Most installations will need more.
|
|
|
|
@item
|
|
Let @command{gpgsm} ask you whether you want to insert a new root
|
|
certificate. This feature is enabled by default; you may disable it
|
|
using the option @option{no-allow-mark-trusted} into
|
|
@file{gpg-agent.conf}.
|
|
|
|
@item
|
|
Manually maintain the list of trusted root certificates. For a multi
|
|
user installation this can be done once for all users on a machine.
|
|
Specific changes on a per-user base are also possible.
|
|
@end itemize
|
|
|
|
@c describe how to maintain trustlist.txt and /etc/gnupg/trustlist.txt.
|
|
|
|
|
|
@c ** How to get the ssh support running
|
|
@c
|
|
@c XXX How to use the ssh support.
|
|
|
|
|
|
@c @section Installation Overview
|
|
@c
|
|
@c XXXX
|
|
|
|
|